Alejandro de Alda
Technical Marketing Engineer - CNBU
May, 2022
Agenda
• What is Terraform?
• Terraform Building Blocks
• Provider
• Resources
• Variables
• Loops & Conditionals
• Data Sources
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
What is Terraform?
• Infrastructure Provisioning Tool
• Open Source
• Commercial support available
• Declarative and idempotent
• Immutable Infrastructure paradigm
• Versatile: Can manage a wide range of systems
• VMs, network devices, cloud instances, etc.
• Zero server-side dependencies
Ansible or Terraform?
• Both Ansible and Terraform can coexist
• It’s not an either/or story
• Terraform can call Ansible for ad-hoc tasks after deploying a VM
• Terraform keeps state locally
• It knows what is configured vs desired end-state
• Can automatically destroy / recreate resources
• Ansible mutates the infrastructure
• Need to re-run everything
• Might need to create advanced controls to avoid long running scripts
Declarative vs. Imperative
Declarative:
• Define what the eventual target configuration should be
• e.g., 1 Tenant with 2 BDs and 2 EPGs
• Define the desired state
• Automation is responsible for the desired state to be reflected in the infrastructure
Imperative:
• Define how the infrastructure should be changed
• e.g., Add BD X and EPG Y
• Automate a common use case (e.g., add a network segment)
• Automation defines steps (workflow) to end with the desired conclusion
Terraform Building Blocks
[Diagram labels: HCL (Variables, Modules, Resources, Data Sources, Provisioners, ...), terraform.bin, Execution Plan, Providers, REST]
Installing Terraform (For Reference)
Terraform Workflow
Provider
Terraform Providers
Overview
Terraform Providers
Cisco Providers
• ACI (Cloud / Onprem)
• Multi Site Orchestrator
• Data Center Network Manager
• DNA Center
• Intersight
Terraform Cisco ACI Provider
Declaring and configuring provider
terraform {
  # Required starting from terraform 0.13
  required_providers {
    aci = {
      source  = "ciscodevnet/aci"
      version = "0.7.0"
    }
  }
}

provider "aci" {
  # If login domain is used, username would be: "apic:demo_domain\\\\user"
  username = "admin"
  password = "password"
  # Authentication supported using username/password or certificates (recommended)
  # private_key = "/Users/adealdag/.ssh/labadmin.key"
  # cert_name   = "labadmin.crt"
  url      = "https://apic-ams.cisco.com"
  insecure = true
}
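The same provider declaration using the certificate authentication the slide recommends, with connection details taken from input variables and TLS verification left on. This is an added example, not part of the original deck; the variable names (apic_url, apic_username, apic_private_key, apic_cert_name) are assumptions.

```hcl
# Added example: variable names are assumptions, not taken from the deck.
terraform {
  required_providers {
    aci = {
      source  = "ciscodevnet/aci"
      version = "0.7.0"
    }
  }
}

variable "apic_url" {
  type        = string
  description = "APIC base URL"

  # Refuse plain-HTTP endpoints before any API call is made.
  validation {
    condition     = can(regex("^https://", var.apic_url))
    error_message = "The apic_url value must start with https://."
  }
}

variable "apic_username" {
  type = string
}

variable "apic_private_key" {
  type        = string
  description = "Path to the private key whose certificate is installed for the APIC user"
}

variable "apic_cert_name" {
  type        = string
  description = "Name of the certificate attached to the APIC user"
}

provider "aci" {
  username    = var.apic_username
  private_key = var.apic_private_key # signature-based auth, no password in the configuration
  cert_name   = var.apic_cert_name
  url         = var.apic_url
  insecure    = false # verify the APIC TLS certificate
}
```

Values can be supplied through TF_VAR_apic_url style environment variables or a .tfvars file that is kept out of version control.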
Terraform Cisco ACI Provider
Initialization
Terraform Cisco ACI Provider
Upgrade
Resources
Terraform Resources
Overview
Terraform Resources
Documentation
Terraform Resources
Building our first execution plan
Variables
Variables
Overview
Variables
Definition
Variables
Assigning variable values
Loops
Terraform Loops
Count
Terraform Loops
For_each
Terraform Loops
For_each - Variable Definition
Conditionals
Terraform Conditionals
Using Count
Creates the resource only if the condition is met
  parent_dn = aci_bridge_domain.bd_192_168_1_0.id
  ip        = var.bd_gateway
  scope     = var.bd_scope
}
Terraform Conditionals
Combined with for/for_each loops
  tenant_dn          = aci_tenant.demo.id
  name               = each.value.name
  arp_flood          = each.value.arp_flood
  unicast_route      = each.value.type == "L3" ? "yes" : "no"      # In-line conditional
  unk_mac_ucast_act  = each.value.type == "L3" ? "proxy" : "flood"
  unk_mcast_act      = "flood"
  relation_fv_rs_ctx = aci_vrf.main.id
}
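A complete configuration around the fragments on the Loops and Conditionals slides: a for_each variable definition, in-line conditionals per bridge domain, and a subnet created only when the condition is met. This is an added example, not the deck's own code; the variable layout and the tenant, VRF, bridge domain and gateway values are constructed.

```hcl
# Added example; tenant, VRF and bridge domain values are constructed.
variable "bridge_domains" {
  type = map(object({
    name      = string
    arp_flood = string # "yes" or "no"
    type      = string # "L2" or "L3"
    gateway   = string # used only when type is "L3"
  }))
  default = {
    bd01 = { name = "bd01", arp_flood = "no", type = "L3", gateway = "192.168.1.1/24" }
    bd02 = { name = "bd02", arp_flood = "yes", type = "L2", gateway = "" }
  }
  validation {
    condition     = length([for bd in values(var.bridge_domains) : bd if !contains(["L2", "L3"], bd.type)]) == 0
    error_message = "Each bridge domain type must be \"L2\" or \"L3\"."
  }
}

resource "aci_tenant" "demo" {
  name = "demo"
}

resource "aci_vrf" "main" {
  tenant_dn = aci_tenant.demo.id
  name      = "main"
}

# One bridge domain per map entry; forwarding settings follow the type.
resource "aci_bridge_domain" "bd" {
  for_each           = var.bridge_domains
  tenant_dn          = aci_tenant.demo.id
  name               = each.value.name
  arp_flood          = each.value.arp_flood
  unicast_route      = each.value.type == "L3" ? "yes" : "no"
  unk_mac_ucast_act  = each.value.type == "L3" ? "proxy" : "flood"
  unk_mcast_act      = "flood"
  relation_fv_rs_ctx = aci_vrf.main.id
}

# Conditional creation with for_each: only L3 bridge domains get a gateway subnet.
# For a single resource the same effect comes from: count = <condition> ? 1 : 0
resource "aci_subnet" "net" {
  for_each  = { for key, bd in var.bridge_domains : key => bd if bd.type == "L3" }
  parent_dn = aci_bridge_domain.bd[each.key].id
  ip        = each.value.gateway
}
```

With the constructed defaults the plan contains aci_bridge_domain.bd["bd01"], aci_bridge_domain.bd["bd02"] and a single aci_subnet.net["bd01"].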
Data Sources
Terraform Data Sources
Overview
Terraform Data Sources
Example
relation_fv_rs_bd = var.bridge_domain_id
}
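A data source reads an object that already exists on APIC without taking ownership of it, so a destroy of this configuration leaves it in place. The added example below (not the deck's own code) looks up an existing tenant and bridge domain and attaches a new EPG to that bridge domain; the names "common", "shared_bd", "demo_ap" and "web" are constructed.

```hcl
# Added example; all object names are constructed.

# Read-only lookups: these objects are not created, changed or destroyed by Terraform.
data "aci_tenant" "common" {
  name = "common"
}

data "aci_bridge_domain" "shared" {
  tenant_dn = data.aci_tenant.common.id
  name      = "shared_bd"
}

# Managed objects that reference the looked-up bridge domain.
resource "aci_tenant" "demo" {
  name = "demo"
}

resource "aci_application_profile" "ap" {
  tenant_dn = aci_tenant.demo.id
  name      = "demo_ap"
}

resource "aci_application_epg" "web" {
  application_profile_dn = aci_application_profile.ap.id
  name                   = "web"
  relation_fv_rs_bd      = data.aci_bridge_domain.shared.id
}
```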
Running Plan
Terraform Plan
Calculating the delta
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
+ create
Terraform Apply
Applying the changes
$ export TF_LOG={TRACE|DEBUG|INFO|WARN|ERROR}
NOTE: Check Terraform documentation to learn about other options, such as TF_LOG_PROVIDER,
TF_LOG_PATH, logging to JSON, ...
Terraform State
Terraform State
Overview
Terraform State
Remote Backends
Use terraform login to log into Terraform Cloud and obtain the token.
Terraform State
Inspecting state
data.aci_l3_domain_profile.core_l3dom
aci_bridge_domain.bd["bd01"]
aci_bridge_domain.bd["bd02"]
aci_subnet.net["bd01"]
aci_tenant.demo
aci_vrf.main
module.l3out_core.aci_bgp_peer_connectivity_profile.bgp_peer["asa"]
module.l3out_core.aci_external_network_instance_profile.l3instp["default"]
module.l3out_core.aci_l3_ext_subnet.l3instp_subnet["default.0.0.0.0"]
module.l3out_core.aci_l3_outside.l3out
module.l3out_core.aci_l3out_bgp_external_policy.bgp
module.l3out_core.aci_l3out_path_attachment.l3ip_path["103.1.19"]
module.l3out_core.aci_logical_interface_profile.l3ip
module.l3out_core.aci_logical_node_profile.l3np
module.l3out_core.aci_logical_node_to_fabric_node.l3np_node["103"]
[...]
Terraform State
Config Drifts
Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using
ignore_changes, the following plan may
include actions to undo or respond to these changes.
────────────────────────────────────────
No changes to be made
Terraform State
Importing Infrastructure
Terraform State
FAQ
• Display the current state and configure your resource to match that
$ terraform state show aci_vrf.prod
Key points to remember
• Terraform has become the de-facto IaC tool
• Using Terraform, you write your desired infrastructure state, Terraform takes care of the rest
• There is an extensive (and growing) list of resources within the Cisco ACI provider for Terraform
• There are also providers for other Cisco DCN products
Reference
• Terraform Cisco ACI Provider Documentation
https://registry.terraform.io/providers/CiscoDevNet/aci/latest
https://github.com/CiscoDevNet/terraform-provider-aci
https://github.com/CiscoDevNet/terraform-provider-mso
https://github.com/CiscoDevNet/terraform-provider-dcnm